-
clamav (0.102.3+dfsg-0ubuntu0.19.10.1) eoan-security; urgency=medium
* Updated to 0.102.2 to fix security issues
- debian/libclamav9.symbols: updated for new version.
- debian/rules: bumped CL_FLEVEL to 114.
- CVE-2020-3327
- CVE-2020-3341
-- Marc Deslauriers <email address hidden> Tue, 19 May 2020 14:24:37 -0400
-
clamav (0.102.2+dfsg-0ubuntu0.19.10.1) eoan-security; urgency=medium
* Updated to 0.102.2 to fix security issue (CVE-2020-3123)
- debian/patches/*: synced patches with 0.102.2+dfsg-1.
- debian/libclamav9.symbols: updated for new version.
- debian/rules: bumped CL_FLEVEL to 113.
-- Marc Deslauriers <email address hidden> Tue, 11 Feb 2020 08:45:45 -0500
-
clamav (0.102.1+dfsg-0ubuntu0.19.10.3) eoan; urgency=medium
* d/clamav-daemon.config.in: Correct error from ScanOnAccess option
removal so that setting LogFile options via DebConf works again
(Closes: #950296) (LP: #1860217)
-- Eric Desrochers <email address hidden> Thu, 06 Feb 2020 20:29:28 +0000
-
clamav (0.102.1+dfsg-0ubuntu0.19.10.2) eoan-security; urgency=medium
* Updated to 0.102.1 to fix security issue (CVE-2019-15961)
- debian/patches/*: synced patches with 0.102.1+dfsg-1ubuntu1.
- debian/clamav-daemon.*.in,clamav-freshclam.*.in,
clamav-daemon.templates: added new configuration options, dropped
ClamOnAccess.
- debian/clamav-deamon.install: install new clamonacc binary.
- debian/clamav-docs.*: removed missing docs.
- debian/libclamav9.install: added libfreshclam.so.2.
- debian/libclamav9.symbols: updated for new version.
- debian/rules: bumped CL_FLEVEL to 112.
-- Marc Deslauriers <email address hidden> Tue, 07 Jan 2020 11:07:32 -0500
-
clamav (0.101.4+dfsg-1ubuntu1) eoan; urgency=low
* Merge from Debian unstable. Remaining changes:
- clamav-daemon may fail to start due to options removed in new version
and manually edited configuration file. (LP #1783632)
+ debian/patches/Deprecate-unused-options-instead-of-removing-it.patch:
add patch from Debian stretch to simply warn about removed options.
clamav (0.101.4+dfsg-1) unstable; urgency=medium
* Import 0.101.4
- CVE-2019-12625 (Add scan time limit to limit the processing zip-bombs)
(Closes:934359)
- CVE-2019-12900 (An out of bounds write was possible within ClamAV's
NSIS bzip)
- update symbols file (bump to 101.4 and drop unused cli_strnstr).
-- Gianfranco Costamagna <email address hidden> Sun, 25 Aug 2019 23:25:27 +0200
-
clamav (0.101.2+dfsg-3ubuntu1) eoan; urgency=low
* Merge from Debian unstable. Remaining changes:
- clamav-daemon may fail to start due to options removed in new version
and manually edited configuration file. (LP #1783632)
+ debian/patches/Deprecate-unused-options-instead-of-removing-it.patch:
add patch from Debian stretch to simply warn about removed options.
clamav (0.101.2+dfsg-3) unstable; urgency=medium
* Cherry-pick a fix from 0.101.3 to address a vulnerability to
non-recursive zip bombs.
-- Gianfranco Costamagna <email address hidden> Wed, 07 Aug 2019 08:54:47 +0200
-
clamav (0.101.2+dfsg-2ubuntu1) eoan; urgency=low
* Merge from Debian unstable. Remaining changes:
- clamav-daemon may fail to start due to options removed in new version
and manually edited configuration file. (LP #1783632)
+ debian/patches/Deprecate-unused-options-instead-of-removing-it.patch:
add patch from Debian stretch to simply warn about removed options.
clamav (0.101.2+dfsg-2) unstable; urgency=medium
* Remove python from build-depends:
- Only needed for llvm, which is currently (and probably permanently)
disabled
- Support python2 removal, if this comes back, it will need to be python3
-- Gianfranco Costamagna <email address hidden> Sat, 03 Aug 2019 10:20:31 +0200
-
clamav (0.101.2+dfsg-1ubuntu2) eoan; urgency=medium
* Rebuild against new libjson-c4.
-- Gianfranco Costamagna <email address hidden> Sat, 29 Jun 2019 13:48:24 +0200
-
clamav (0.101.2+dfsg-1ubuntu1) eoan; urgency=medium
* Sync with Debian. Remaining change:
- clamav-daemon may fail to start due to options removed in new version
and manually edited configuration file. (LP #1783632)
+ debian/patches/Deprecate-unused-options-instead-of-removing-it.patch:
add patch from Debian stretch to simply warn about removed options.
clamav (0.101.2+dfsg-1) unstable; urgency=high
* Import 0.101.2
- CVE-2019-1787 (An out-of-bounds heap read condition may occur when
scanning PDF documents)
- CVE-2019-1789 (An out-of-bounds heap read condition may occur when
scanning PE files)
- CVE-2019-1788 (An out-of-bounds heap write condition may occur when
scanning OLE2 files)
- CVE-2019-1786 (An out-of-bounds heap read condition may occur when
scanning malformed PDF documents)
- CVE-2019-1785 (A path-traversal write condition may occur as a result of
improper input validation when scanning RAR archives)
- CVE-2019-1798 (A use-after-free condition may occur as a result of
improper error handling when scanning nested RAR archives)
- update symbols file
- Remove DetectBrokenExecutables option from clamd template, it is
deprecated.
* Drop the dbgsym migration line.
* Bump standards-version to 4.3.0 without further change
clamav (0.101.1+dfsg-3) unstable; urgency=medium
* Upload to unstable.
clamav (0.101.1+dfsg-2) experimental; urgency=medium
[ Scott Kitterman ]
* Add information to README.Debian on configuring clamav-milter's socket to
work with postfix
[ Sebastian Andrzej Siewior ]
* debian/libclamav-dev.install: also install clamav-types.h
clamav (0.101.1+dfsg-1) experimental; urgency=medium
[ Scott Kitterman ]
* Update debian/copyright
* Add Build-Depends-Package to libclamav9.symbols
* Update clamav-docs.doc-base for re-organized documentation
* Add lintian override for source-is-missing on test file that happens
to have long line length
* Drop build-depends on electric-fence, upstream no longer ships the
relevant tests that used it
[ Sebastian Andrzej Siewior ]
* Import 0.101.1
- update symbol file
- add back the json/curl configure options (don't rely on autodetect).
* Add abstractions/openssl to apparmor's profile. Thanks to intrigeri for
the help (Closes: #913020).
* Load the apparmor profile before starting the daemon. Thanks to intrigeri
for the help (Closes: #903834).
* Add attach_disconnected to freshclam's apparmor profile to hopefully get
it properly working in overlayfs enviroment. Thanks to Vincas Dargis
(Closes: #917648).
clamav (0.101.0+dfsg-1) experimental; urgency=medium
[ Scott Kitterman ]
* Increase clamd socket command read timeout to 30 seconds (Closes: #915098)
[ Sebastian Andrzej Siewior ]
* Import new upstream release.
- update symbol file.
- add new options to the config file.
- package libclamav9
-- Marc Deslauriers <email address hidden> Tue, 23 Apr 2019 11:40:41 -0400
-
clamav (0.100.3+dfsg-0ubuntu1) disco; urgency=medium
* Updated to version 0.100.3 to fix security issues. (LP: #1822503)
- debian/libclamav7.symbols: updated to new version.
- CVE-2019-1787
- CVE-2019-1788
- CVE-2019-1789
-- Marc Deslauriers <email address hidden> Thu, 04 Apr 2019 08:19:16 -0400